Here is an example:
<?php$mysqli = new mysqli("localhost", "my_user", "my_password", "world");/* check connection */if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit();}$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");$city = "'s Hertogenbosch";/* this query will fail, cause we didn't escape $city */if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) { printf("Error: %s\n", $mysqli->sqlstate);}$city = $mysqli->real_escape_string($city);/* this query with escaped $city will work */if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) { printf("%d Row inserted.\n", $mysqli->affected_rows);}$mysqli->close();?>
Greets Wtfox
